KEP-5759: Memory Manager Hugepages Availability Verification

[srikalyan]

Summary

This KEP proposes enhancing the Memory Manager's Static policy to verify OS-reported free hugepages availability during pod admission.

Problem

The Memory Manager only tracks hugepage allocations for Guaranteed QoS pods. Burstable/BestEffort pods can consume hugepages (via hugetlbfs mounts or mmap with MAP_HUGETLB) without being tracked, causing subsequent Guaranteed pods to be admitted but fail at runtime when hugepages are exhausted.

Solution

1. cadvisor: Add FreePages field to HugePagesInfo with new GetCurrentHugepagesInfo() method for fresh sysfs reads (PR: Add FreePages to HugePagesInfo for hugepage availability reporting google/cadvisor#3804)
2. Memory Manager: Verify OS-reported free hugepages during Allocate() in Static policy
3. Admission: Reject pods when insufficient free hugepages are available

Related

• Enhancement Issue: Memory Manager Hugepages Availability Verification #5759
• Kubernetes Issue: Static Memory Manager doesn't verify OS reported available huge pages during pod admission kubernetes#134395
• cadvisor PR: Add FreePages to HugePagesInfo for hugepage availability reporting google/cadvisor#3804

KEP Metadata

• SIG: sig-node
• Stage: Alpha (target v1.36)
• Feature Gate: MemoryManagerHugepagesVerification

/sig node
/kind kep

[k8s-ci-robot]

@srikalyan: The label(s) area/kubelet cannot be applied, because the repository doesn't have them.

Details

In response to this:

Summary

This KEP proposes enhancing the Memory Manager's Static policy to verify OS-reported free hugepages availability during pod admission.

Problem

The Memory Manager only tracks hugepage allocations for Guaranteed QoS pods. Burstable/BestEffort pods can consume hugepages (via hugetlbfs mounts or mmap with MAP_HUGETLB) without being tracked, causing subsequent Guaranteed pods to be admitted but fail at runtime when hugepages are exhausted.

Solution

1. cadvisor: Add FreePages field to HugePagesInfo (PR: Add FreePages to HugePagesInfo for hugepage availability reporting google/cadvisor#3804)
2. Memory Manager: Verify OS-reported free hugepages during Allocate() in Static policy
3. Admission: Reject pods when insufficient free hugepages are available

Related

• Issue: Static Memory Manager doesn't verify OS reported available huge pages during pod admission kubernetes#134395
• cadvisor PR: Add FreePages to HugePagesInfo for hugepage availability reporting google/cadvisor#3804

KEP Metadata

• SIG: sig-node
• Stage: Alpha (target v1.33)
• Feature Gate: MemoryManagerHugepagesVerification

/sig node
/kind kep
/area kubelet

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: srikalyan
Once this PR has been reviewed and has the lgtm label, please assign dchen1107 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• keps/sig-node/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Welcome @srikalyan!

It looks like this is your first PR to kubernetes/enhancements 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/enhancements has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @srikalyan. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[srikalyan]

/remove-area kubelet

[k8s-ci-robot]

@srikalyan: Those labels are not set on the issue: area/kubelet

Details

In response to this:

/remove-area kubelet

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ffromani]

/cc

[ffromani]

/ok-to-test

[ffromani]

Thanks for your contribution! I'm in favor of improving the accounting and making the memory manager/kubelet more predictable. I think we can benefit from some clarifications before to deep dive into further details.

[ffromani]

this makes me think we need a better accounting/validation mechanism in general, not just for memory manager. Because the very issue we are attacking here is also relevant to burstable pods, and to some extent to best effort pods.

[srikalyan]

Agreed. This KEP focuses on the Memory Manager Static policy as a targeted fix, but the underlying issue of consistent hugepage accounting across QoS classes is worth discussing as a broader improvement. Perhaps a follow-up KEP for unified hugepage tracking?

[ffromani]

One of the key assumptions of how the kubelet operates in general, is that is the sole owner of a node. There is some leeway in some cases: we can pre-partition CPUs and make the kubelet assume it is the sole owner of the resource pool it got when started, and we can probably should do the same for hugepages. But in general, dynamic co-sharing of resources (kubelet races with other daemons or programs) is not supported and it's unlikely it ever will

[srikalyan]

Understood. To clarify: the issue here isn't external daemons racing with kubelet. It's that both pods are managed by kubelet and properly request hugepages. The gap is internal - scheduler tracks at node level, Memory Manager tracks at per-NUMA level but only for Guaranteed pods. The Burstable pod's hugepages are tracked by scheduler but not by Memory Manager's Static policy.

[ffromani]

how can this happen? do we have examples or scenarios?

[srikalyan]

Yes! See kubernetes/kubernetes#134395 for the real-world scenario:

• m6id.32xlarge with 2 NUMA nodes, 16GB of 2MB hugepages per node
• Burstable pod requests ~12GB of 2MB hugepages → scheduled and runs
• Guaranteed pod requests ~12GB of 2MB hugepages → admitted to NUMA node 1
• Memory Manager thought node1 had ~15.2GB free
• OS actually reported node1 had only ~3.2GB free

The gap: Memory Manager only tracks Guaranteed pods for NUMA placement.

[ffromani]

we need to be mindful this will cause another opportunity for rejection loops like kubernetes/kubernetes#84869

[srikalyan]

Good point. I'll review that issue. The key difference here is that the rejection would be based on actual OS state (sysfs free_hugepages), not internal tracking discrepancy. This should make the rejection more accurate and actionable - the message would indicate "insufficient free hugepages on NUMA node X" rather than a vague resource conflict.

[ffromani]

this is true, but it's still very likely that controllers will just create runaway pods, because this is another kubelet-local rejection the scheduler doesn't predict or expect, caused by information inbalance between the scheduler and the kubelet (cc @wojtek-t - we talked this in the context of the kubelet-driven pod reschedules)

[ffromani]

/retitle KEP-5759: Memory Manager Hugepages Availability Verification

[ffromani]

Thanks @srikalyan for leading this effort. I'm in general supportive of this memory manager enhancement and, pending further review and elaborating, I do see the benefit of the proposed approach about checking free hugepages. Because there's some time left before the 1.36 cycle begins, I'd like to explore other options to solve this problem before we commit to the proposed direction. I'll have another review iteration ASAP.

[srikalyan]

@ffromani Happy new year to you. Can I request you for another review?

[ffromani]

thanks for the updates. The next step is to bring this up on the larger sig-node and in the 1.36 SIG planning. I think this work would be well accepted by the SIG, but let's make sure.

[ffromani]

once we agree at sig-node level about this work, we need to add the prod-readiness tracking file.
I think this work deserves to be talked about on a sig-node meeting for coordination.

[ffromani]

this is true, but it's still very likely that controllers will just create runaway pods, because this is another kubelet-local rejection the scheduler doesn't predict or expect, caused by information inbalance between the scheduler and the kubelet (cc @wojtek-t - we talked this in the context of the kubelet-driven pod reschedules)

[ffromani]

This alone justifies the fix. The memory manager and the kubelet admission process failed to honor the pod contract. The pod was admitted, letting the workload to believe that resources are avaialble and allocatable, and they were not.
So this part is fine. What I'm circling around is the implications. I'm still thinking if we need to fix the admission phase in general, and if we should mitigate (or fix) the scheduler problem (https://github.com/kubernetes/enhancements/pull/5753/files#r2649077040)

[ffromani]

thanks. It's possible sig-windows and sig-node are fine with a linux-first (or linux-only) solution, but it's good to ask the question nevertheless

[ffromani]

the alternative I'm thinking about is to extend the memory manager and admission logic to listen to each and every pod admission to track where (= which NUMA node) the hugepages are allocated from. However, If the kubelet doesn't enforce a cpuset.mems restriction, however, there's no way to know from where the hugepage is gonna be taken till the container processes go running, therefore past admission stage. Therefore, the proposed approach to check the actual free resources before each and every allocation attempt seems to be the best compromise (bar the only possible approach) in the current architecture.
We should probably document this in the "discarded alternatives" section.

[ffromani]

I'm still unconvinced this is a real problem because the fundamental kubelet assumption that the kubelet owns the node. Therefore no other relevant process should take resources behind kubelet's back. We can enhance the kubelet pre-partition/reservation logic to consider only a portion of hugepages, mimicing the --reserved-cpus logic.

[srikalyan]

Re: --reserved-hugepages: This could help for external consumers, but doesn't solve the Burstable/Guaranteed tracking gap since both are kubelet-owned. The reservation approach would require users to manually reserve hugepages equal to their Burstable workloads - which defeats the purpose of dynamic scheduling.

[ffromani]

as commented above, is not just a startup failure or increased time to go running, a serious issue is that the kubelet/workload contract is breached. The (too implicit) contract is that once a pod is admitted, the requested resources are available. The very issue linked here demonstrates this is not the case until we fix this behavior

[ffromani]

pending SIG discussion and approval, there's a good chance this work can start as beta per recent KEP graduation guidelines. The change is quite self contained and targeted, so it qualifies.

[srikalyan]

thanks for the updates. The next step is to bring this up on the larger sig-node and in the 1.36 SIG planning. I think this work would be well accepted by the SIG, but let's make sure.

How do you recommend, I approach this?

[wendy-ha18]

thanks for the updates. The next step is to bring this up on the larger sig-node and in the 1.36 SIG planning. I think this work would be well accepted by the SIG, but let's make sure.

How do you recommend, I approach this?

Hi @srikalyan , sig node meeting weekly on Tuesdays at 10:00 PT (Pacific Time) so you can attend this week meeting to discuss more with SIG Node tech leads and chairs. Zoom link and detail can be viewed in here: https://github.com/kubernetes/community/tree/master/sig-node.

This KEP has /lead-opted-in and /milestone v1.36 label from SIG Node for it already, so I think we will target for first deadline is Production Readiness Freeze - 4th February 2026 (AoE) / Thursday 5th February 2026, 12:00 UTC.

[srikalyan]

Thank you Wendy,Will join this Tuesday.Sent from my iPhoneOn Jan 25, 2026, at 11:47 PM, Wendy Ha ***@***.***> wrote:wendy-ha18 left a comment (kubernetes/enhancements#5753) thanks for the updates. The next step is to bring this up on the larger sig-node and in the 1.36 SIG planning. I think this work would be well accepted by the SIG, but let's make sure. How do you recommend, I approach this? Hi @srikalyan , sig node meeting weekly on Tuesdays at 10:00 PT (Pacific Time) so you can attend this week meeting to discuss more with SIG Node tech leads and chairs. Zoom link and detail can be viewed in here: https://github.com/kubernetes/community/tree/master/sig-node. This KEP has /lead-opted-in and /milestone v1.36 label from SIG Node for it already, so I think we will target for first deadline is Production Readiness Freeze - 4th February 2026 (AoE) / Thursday 5th February 2026, 12:00 UTC. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>

[srikalyan]

Hello Wendy, I am sorry for the late notice, I will be able to join around 10:45 am, is that ok? You have a great day :). Thanks, -SK. On Mon, Jan 26, 2026 at 6:00 AM srikalyan swayampakula < ***@***.***> wrote:

…

Thank you Wendy, Will join this Tuesday. Sent from my iPhone On Jan 25, 2026, at 11:47 PM, Wendy Ha ***@***.***> wrote:  *wendy-ha18* left a comment (kubernetes/enhancements#5753) <#5753 (comment)> thanks for the updates. The next step is to bring this up on the larger sig-node and in the 1.36 SIG planning. I think this work would be well accepted by the SIG, but let's make sure. How do you recommend, I approach this? Hi @srikalyan <https://github.com/srikalyan> , sig node meeting weekly on Tuesdays at 10:00 PT (Pacific Time) <https://zoom.us/j/91437143016?pwd=pUErbBMFOiIAN3ZE9gpPR6skpHYeuo.1> so you can attend this week meeting to discuss more with SIG Node tech leads and chairs. Zoom link and detail can be viewed in here: https://github.com/kubernetes/community/tree/master/sig-node. This KEP has /lead-opted-in and /milestone v1.36 label from SIG Node for it already, so I think we will target for first deadline is Production Readiness Freeze <https://github.com/kubernetes/sig-release/blob/master/releases/release_phases.md#prr-freeze> - 4th February 2026 (AoE) / Thursday 5th February 2026, 12:00 UTC. — Reply to this email directly, view it on GitHub <#5753 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADPQQE7LUZDW543T2YFMED4IXBABAVCNFSM6AAAAACP6MPEVOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTOOJYGI3TCMBSGQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>